Posted on 03/01/2005 3:07:13 PM PST by holymoly
Just a day after one security firm warned of a vulnerability in Firefox and Mozilla, a rival disclosed that another eight threaten the open-source browsers.
The Danish security firm Secunia on Tuesday laid out the flaws, most of which could be used by criminals to spoof, or fake, various aspects of a Web site, ranging from its SSL secure site icon to the contents of an inactive tab.
Other bugs can be exploited remotely by hackers able to introduce code of their own choosing on the vulnerable machine, possibly taking control of it or giving them access to files. For example, Firefox's extensions -- its name for plug-ins -- can be manipulated to create a temporary directory that can then be exploited by attacks to delete files from the computer. Another flaw in the automatic form filling feature -- used to quickly complete forms with personal information, or even credit card numbers -- could be exploited to trick users into divulging some of that information.
Secunia collectively rated the vulnerabilities as "Moderately Critical," and said that only Firefox has been fixed. Users should download the newest edition, Firefox 1.0.1, which was released last week.
The vulnerabilities have been corrected in Mozilla, but the patched edition, 1.7.6, has not yet been officially released. The same goes for Thunderbird, the Mozilla Foundation's free e-mail client, which is also susceptible to the bugs. Both Mozilla 1.7.6 and Thunderbird 1.0.1 should roll out this week, Mozilla has said.
Firefox 1.0.1 can be downloaded from the Mozilla Web site.
I just downloaded it and it went right into my old Firefox! It says 1.0.1. No need to uninstall.
On the other hand, IE has been around much longer and has a much larger user base (making it a bigger target). I still think that if something is transparent, it should be easier to hack (fishbowl vs. black box). That you don't observe it happening yet does not change the situation.
I hate the way FF won't keep each instance downloading to the directory you point it to. If you have two instances of FF open and set the 1st to download to one directory and the second to download to another, the next download on the first instance will go to the directory you pointed the second instance to. IE remembers the correct directory for each instance of the browser.
FF can't kiosk the way IE does: if you use autohide on your Start Bar and autohide on the browser toolbar, IE will allow you to go to the bottom of the screen with your mouse and the Start Bar will pop up --- FF stays in front of the Start Bar forcing you to use the Windows key or taking the browser out of kiosk mode to get the Start Bar to pop up. I find that incredibly annoying.
On the other hand, FF browses noticeably quicker than IE (personally, I don't think it's actually faster, I think it's the way that FF loads graphics). FF is more robust than IE: I can crash IE now and again but I have yet to lock up FF.
Pop up blocking was never an issue with IE for me....I had a good way around it so I don't notice a difference between the two browsers in that regard. But for the uneducated user, FF is far superior to IE in the pop-up realm.
FF also is able to remember picture filenames and doesn't convert them to "Untitled.bmp" the way IE often does. The fact that MS hasn't yet solved this problem - and it's been a widely known problem since the first version of IE - is particularly damning of the company.
There's others but....you know: no program is perfect.
You also have to remember the size of some of the pieces of software. You're talking huge amounts of code. It's so easy to get lost and lose track of all the logic and miss vulnerabilities. Mozilla and Firefox are smaller and updated faster. Microsoft inspires attacks just because it's Microsoft. Kind of a pity.
They all have their own nice features.
OffByone?
When you downloaded Mozilla did you notice where the download came from? I think Microsoft is taking IE dominance for granted. They are losing market share. They have most of it but they are still losing share.
I have to use IE but tend to use Netscape which is essentially Mozilla. I'll wait on Firefox. I hate using 1.0 or 1.01! I'll let you trailblaze for me first.
Google I hear is coming out with a browser too. I had to do research on it. Saw some screen shots of it. It looks nice. Open source sounds nice but all the bad guys can peer under the hood and see how to screw you up.
Look out for Google. They seem pretty good.
Yea, I'd thought I read they'd lured some programmers away from the Mozilla/Firefox team. I've been anxiously waiting to see what they produce.
Use the Mozilla-based Safari that comes with your Mac OSX... Keep the IE around for those rare pages that don't comply with the HTML standards and use MS-HTML instead.
Lynx is never targeted.
Hey, Swordmaker, I know this is an old thread, but Safari isn't based on Mozilla or the Gecko engine: it's a custom code job based on the Konqueror browser's KHTML engine.
Tech Ping
Better yet, I just download the HTML as plain text and read it that way. Blasted banner ads still get in the way, though.
Play with it more. It's a good browser, but not perfect by any means. The slowdowns drive me nuts and there is a lot of content out there that will simply spit Safari out as an unsupported browser.
The v0.8.2 Camino browser is pretty lean and mean.
Uninstall Firefox 1.0, and then download and install 1.01. Your preferences will still be there when 1.01 opens.
I use Firefox on my OS-X laptop. It's a wonder. Safari is good too, though.
On my 9x machines I use Mozilla.
I have a G4 from '01 if memory serves (I'm at work right now). I just made the leap from OS 9 to the latest version of OS X a few weeks ago. Sounds like it's the time to leap to Mozilla as well. Thanks!